From 2b78e6883bd41147abc3c0c8d67abbbcf22b3618 Mon Sep 17 00:00:00 2001
From: MostInterestingBotInTheWorld
 <98333686+MostInterestingBotInTheWorld@users.noreply.github.com>
Date: Tue, 17 May 2022 12:25:59 -0400
Subject: [PATCH] Enhancement: cves/2021/CVE-2021-27850.yaml by mp

---
 cves/2021/CVE-2021-27850.yaml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/cves/2021/CVE-2021-27850.yaml b/cves/2021/CVE-2021-27850.yaml
index 29d63ef95b..aee9e9f464 100644
--- a/cves/2021/CVE-2021-27850.yaml
+++ b/cves/2021/CVE-2021-27850.yaml
@@ -1,11 +1,11 @@
 id: CVE-2021-27850
 
 info:
-  name: Apache Tapestry - Arbitrary class download
+  name: Apache Tapestry - Remote Code Execution
   author: pdteam
   severity: critical
   description: |
-    A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL.
+    Apache Tapestry contains a critical unauthenticated remote code execution vulnerability. Affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. Note that this vulnerability is a bypass of the fix for CVE-2019-0195. Before that fix it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2021-27850
   classification:
@@ -53,3 +53,5 @@ requests:
           - 'webtools'
         part: body
         condition: and
+
+# Enhanced by mp on 2022/05/17